General
Target: Quotation-pdf-scan-copy.001
Size: 395KB
Sample: 220201-sdyfdsgbbk
MD5: 1979997f3393b99d4ea138955256d2ce
SHA1: c851e845edd693e64ab843cb82143cff795dc5a2
SHA256: eed95452ed384be7eb025447726d898ced9727dfa69522539329e693891d56e9
SHA512: 4230c875e0cef0ef8a812bab4aeb452dbe90d03ad67932f89643ec371ab2034a9337925ebb19d563fd590dde970b18446709da8fa526c57f5ad63ab6967b3025
Static task: static1
Behavioral task: behavioral1
Sample: Quotation-pdf-scan-copy.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Quotation-pdf-scan-copy.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted: formbook
4.1
m17y
dental-implants-us-prices.site
eolegends.online
drskinstudio.com
miamivideomapping.com
cqytwater.com
fesfe.net
dlautostore.com
wwwpledge.com
trynutiliti.com
551milesoak.com
jemmetalfab.com
teamtrinitysellsncarolina.com
injurypersonallawyer.com
r3qcf2.xyz
djellaba-boutique.com
t6fwagd.xyz
lm-upto100.com
shyashijz.com
classicbasilicata.com
exactias.com
veocap.xyz
jf-cap.com
oldtraditionstattooparlor.com
egyptshipping.xyz
bdcuhg.com
stecmedia.com
pornvideohall.com
3scy.com
ltmyj.com
supercarniceriasgonvi.com
sdjiahengjixie.com
silvertiaras.com
sedahet.com
peinturefleuri.com
rainfall3d.com
warezhq.com
hsdayp.com
ukhtanytm.com
womensboxing.club
cathayspacific.com
4442tv.com
mekanoshos.com
nomihhealth.com
j3gscd.xyz
kamagranorx.com
hillsidefirm.com
basebastill.com
pureoemo.com
indebtednotable.xyz
odrowiwad.xyz
thenatlali.com
tradeonlink.com
illinimidgets.com
dvtrskgsn.com
efcapcongress.com
girlbest.store
langcustomhomes.net
oncehua.com
corendonnorway.com
streetport.info
3696666.com
ivmmo.biz
doctorfinder.icu
deliriumvery.com
dty191.com
Targets
Target: Quotation-pdf-scan-copy.exe
Size: 559KB
MD5: 6c1c5e57b9051fa432bfa5f29d71e5a6
SHA1: a818b8d1c0ddac0f965c3841bafe845a848ff43f
SHA256: 95773ba387f93d567c9b0dd7e7c6a71e67e9545b146231c7acfc24d040fdd249
SHA512: aab3c398821be5779c85a0b8ea4edb55d95e87dce1c44362b13a9bcefac557a2e7cf6619c227187eb3501f3e6c4b27faa2e809dba49ebe5c4ad8585630515b7e
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext